Issue with security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (CU): August 14, 2018

On Tuesday August 14, we published a Security Update for six different releases of SQL Server 2016 and 2017. For one of those releases, SQL Server 16 SP2 CU (KB4293807), we inadvertently published additional undocumented trace flags that are normally not on by default. We are working on replacing the update in the next few days. If you installed KB4293807 and are experiencing issues please uninstall the update until the replacement update (KB4458621) is available.

Update: This has been resolved.  Please see post https://blogs.msdn.microsoft.com/sqlreleaseservices/resolved-issue-with-security-update-for-the-remote-code-execution-vulnerability-in-sql-server-2016-sp2-cu-august-14-2018/

Thank you

SQL Server Release Services

Comments

• Anonymous
  August 20, 2018
  FYI - KB4293808 (for SQL Server 2016 SP1) also reset the registry key to 0 for Service Pack compliance monitor in SCOM.
• Anonymous
  August 20, 2018
  This is a known issue in SQL Server 2016 SP1 MP: https://blogs.msdn.microsoft.com/sqlreleaseservices/released-system-center-management-pack-for-sql-server-and-dashboards-6-7-20-0/ Additional discussion: https://blogs.technet.microsoft.com/philipvandevyver/2018/01/05/sql-server-2016-management-pack-service-pack-compliance-sp1/Thank you SQL Server Release Services